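Some security updates have just come out and I want to rebuild my Docker images to take advantage of them.
However, when I run docker build . it completes immediately without updating anything, because nothing has changed in the Dockerfile and everything is cached. It doesn't even try to run the apt-get update line in my Dockerfile.
How can I force Docker to run the apt-get update command again even though nothing has changed?
There is a --no-cache option that says it won't use the cache during the build, but I want it to use the cache for the commands before apt-get update, and I want the results to be saved into the cache for the next run (replacing the currently cached images), so I definitely do want to use the cache.
I also can't use docker rmi to remove the image generated after apt-get has run, because it refuses to delete that image with the error: image has dependent child images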
Answer 1
You can try the following:
FROM ubuntu:16.04
# LAYER 1
RUN echo "$(date), layer1" > /tmp/cache.txt
# LAYER 2
RUN echo "$(date), layer2" >> /tmp/cache.txt
# LAYER 3
ARG FORCE_UPDATE=no
RUN echo "$(date), layer3" >> /tmp/cache.txt
# LAYER 4
RUN echo "$(date), layer4" >> /tmp/cache.txt
CMD ["cat", "/tmp/cache.txt"]
Build the image for the first time
$ docker build -t serverfault:900445 .
Sending build context to Docker daemon 2.048kB
Step 1/7 : FROM ubuntu:16.04
---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
---> Running in ac7f6b1e915a
Removing intermediate container ac7f6b1e915a
---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
---> Running in ba4cf5b54c35
Removing intermediate container ba4cf5b54c35
---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
---> Running in 818fd652d5cb
Removing intermediate container 818fd652d5cb
---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
---> Running in 38c0e6cbb94e
Removing intermediate container 38c0e6cbb94e
---> 03ac41df5bfa
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
---> Running in 0294b5a4078e
Removing intermediate container 0294b5a4078e
---> 141667a2d5f3
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
---> Running in 86b852d8222d
Removing intermediate container 86b852d8222d
---> dcd57aca0c25
Successfully built dcd57aca0c25
Successfully tagged serverfault:900445
We can see that all layers were built. Run it once more
$ docker build -t serverfault:900445 .
Sending build context to Docker daemon 2.048kB
Step 1/7 : FROM ubuntu:16.04
---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
---> Using cache
---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
---> Using cache
---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
---> Using cache
---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
---> Using cache
---> 03ac41df5bfa
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
---> Using cache
---> 141667a2d5f3
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
---> Using cache
---> dcd57aca0c25
Successfully built dcd57aca0c25
Successfully tagged serverfault:900445
Now all layers were taken from the cache. A simple check
$ docker run -it --rm serverfault:900445
Wed Mar 7 15:44:22 UTC 2018, layer1
Wed Mar 7 15:44:23 UTC 2018, layer2
Wed Mar 7 15:44:24 UTC 2018, layer3
Wed Mar 7 15:44:25 UTC 2018, layer4
Now, if you need to force a cache update for some specific layers, use the following command
$ docker build --build-arg FORCE_UPDATE=$(date '+%s') -t serverfault:900445 .
Sending build context to Docker daemon 2.048kB
Step 1/7 : FROM ubuntu:16.04
---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
---> Using cache
---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
---> Using cache
---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
---> Using cache
---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
---> Running in f8ad1cd195eb
Removing intermediate container f8ad1cd195eb
---> b22972691095
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
---> Running in 9994175a082e
Removing intermediate container 9994175a082e
---> 7ed42904373f
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
---> Running in 67de76e45d43
Removing intermediate container 67de76e45d43
---> 833f3faf9fd7
Successfully built 833f3faf9fd7
Successfully tagged serverfault:900445
As you can see, layers 1 and 2 were taken from the cache, but layer 3 and all later layers were rebuilt
$ docker run -it --rm serverfault:900445
Wed Mar 7 15:44:22 UTC 2018, layer1
Wed Mar 7 15:44:23 UTC 2018, layer2
Wed Mar 7 15:45:35 UTC 2018, layer3
Wed Mar 7 15:45:35 UTC 2018, layer4
Repeat once more
$ docker build --build-arg FORCE_UPDATE=$(date '+%s') -t serverfault:900445 .
Sending build context to Docker daemon 2.048kB
Step 1/7 : FROM ubuntu:16.04
---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
---> Using cache
---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
---> Using cache
---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
---> Using cache
---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
---> Running in 618880ba45be
Removing intermediate container 618880ba45be
---> b0512372ddfd
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
---> Running in 0cb552431048
Removing intermediate container 0cb552431048
---> 61be6f0c0f21
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
---> Running in 5f9ee850c28e
Removing intermediate container 5f9ee850c28e
---> ac73b7754107
Successfully built ac73b7754107
Successfully tagged serverfault:900445
$ docker run -it --rm serverfault:900445
Wed Mar 7 15:44:22 UTC 2018, layer1
Wed Mar 7 15:44:23 UTC 2018, layer2
Wed Mar 7 15:46:10 UTC 2018, layer3
Wed Mar 7 15:46:11 UTC 2018, layer4
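Added example, not part of the answer above: the same ARG technique applied to an apt layer, with a per-day key instead of date '+%s' so that repeated builds on one day reuse the refreshed layer. The tag myapp:latest, the Dockerfile contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the answer): rebuild wrapper for the ARG technique.
# The image tag "myapp:latest" and the Dockerfile contents are assumptions.

# cache_key [EPOCH]: one key per UTC day. Builds on the same day reuse the
# refreshed apt layer; the first build of a new day re-runs it.
# Uses the "date -d @EPOCH" form (GNU date).
cache_key() {
    date -u -d "@${1:-$(date +%s)}" '+%Y-%m-%d'
}

# Emit a Dockerfile in which everything above ARG stays cached and the apt
# layer references the ARG explicitly, so its cache entry depends on the key.
write_dockerfile() {
    cat <<'EOF'
FROM ubuntu:16.04
RUN mkdir -p /opt/app
ARG FORCE_UPDATE=no
RUN echo "apt refreshed with key ${FORCE_UPDATE}" > /etc/apt-refresh-key \
 && apt-get update \
 && apt-get -y upgrade \
 && rm -rf /var/lib/apt/lists/*
CMD ["cat", "/etc/apt-refresh-key"]
EOF
}

# Only build when asked to, so the functions can be sourced and checked offline.
if [ "${1:-}" = "build" ]; then
    write_dockerfile > Dockerfile
    docker build --build-arg "FORCE_UPDATE=$(cache_key)" -t myapp:latest .
fi
```

Pass the key on every build: a build without --build-arg uses FORCE_UPDATE=no again and can match the originally cached, unpatched layers.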
Answer 2
Another approach I've taken is to use the LABEL command:
FROM ...
# Update this date to re-run apt-get.
LABEL package.date=2021-09-12
RUN apt-get ...
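Then, whenever the date in the label is changed, every command after it is run again. As a bonus, the date is built into the image, so you can retrieve it with docker inspect --format '{{ index .Config.Labels "package.date" }}' <container> in order to check for images that haven't had any security updates in a while, even if they were rebuilt recently.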
Another trick that can save time when updating packages is to update the base image first. With a Dockerfile like this:
FROM debian:stable
...
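You can run docker pull debian:stable to update that tag/image to the latest version. The next time you build your Docker image, it will start from that new version and rebuild everything after it, because there are no cached layers yet that start from the new base image.
Base images are usually updated regularly to include the latest packages, so updating the base image first usually means the subsequent apt-get update has fewer packages to download.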
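Added example, not part of the answer above: an audit of the package.date label across local images, flagging those whose label is missing, malformed or older than a threshold. The function names and the 30-day threshold are assumptions; the label name is the one used in the answer.

```shell
#!/bin/sh
# Added example (not from the answer): find images with a stale package.date.

# stale_images MAX_DAYS [NOW_EPOCH]
# Reads "image<TAB>YYYY-MM-DD" lines on stdin, prints the stale ones.
stale_images() {
    max_days=$1
    now=${2:-$(date +%s)}
    while IFS="$(printf '\t')" read -r image label; do
        [ -n "$image" ] || continue
        # Accept only a strict date shape, so "date -d" never sees free text.
        case $label in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) label='' ;;
        esac
        if [ -z "$label" ] || ! ts=$(date -u -d "$label" +%s 2>/dev/null); then
            printf '%s\tno valid package.date label\n' "$image"
            continue
        fi
        age=$(( (now - ts) / 86400 ))
        if [ "$age" -gt "$max_days" ]; then
            printf '%s\t%s days since package update\n' "$image" "$age"
        fi
    done
}

# list_labels: one "image<TAB>label" line per tagged local image.
list_labels() {
    docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' |
    while read -r img; do
        printf '%s\t%s\n' "$img" \
            "$(docker inspect --format '{{ index .Config.Labels "package.date" }}' "$img")"
    done
}

# Only touch the Docker daemon when asked to.
if [ "${1:-}" = "audit" ]; then
    list_labels | stale_images "${2:-30}"
fi
```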
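Answer 3
Use the --cache-from=... option and specify the hash of the last layer to reuse without rebuilding. All subsequent layers will be rebuilt.
Suppose I have the following cached docker build: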
$ docker build -t pinger:latest .
Sending build context to Docker daemon 6.924MB
Step 1/5 : FROM ubuntu:latest
---> 58db3edaf2be
Step 2/5 : RUN echo "$(date)"
---> Using cache
---> b62b5deffedf
Step 3/5 : RUN apt-get update -y && apt-get install -y iputils-ping
---> Using cache
---> 02ba4da7d7a6
Step 4/5 : ENTRYPOINT ["ping"]
---> Using cache
---> dfd4c593d7be
Step 5/5 : CMD ["127.0.0.1"]
---> Using cache
---> 716cc6cbcf0e
Successfully built 716cc6cbcf0e
Successfully tagged pinger:latest
Now, if I want to force the apt-get stanza to re-run:
$ docker build --cache-from=b62b5deffedf -t pinger:latest .
Sending build context to Docker daemon 6.924MB
Step 1/5 : FROM ubuntu:latest
---> 58db3edaf2be
Step 2/5 : RUN echo "$(date)"
---> Using cache
---> b62b5deffedf
Step 3/5 : RUN apt-get update -y && apt-get install -y iputils-ping
---> Running in 0d96737075a6
...